Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vlad_Tonne
Employee Alumnus
Employee Alumnus
Jump to solution

Web API - setting track level

Hi CheckMates,

 

Encountered an issue with Management API while creating a rule via Web API.

Trying to set track level according to https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/set-access-rule~v1.5%20   , track field is able to receive "log"  (even though it seems not to be documented).

However, it automatically switches on "Accounting" log feature as well.

Trying to adjust the accounting setting results in an error.

 

Any thoughts how it can be resolved?

 

Sent payload that creates a rule with logging enabled plus accounting:

payload_For_API = {
"layer": "Network",
"position": "top",
"name": "API 1",
"action": "Accept",
"destination": "hst_dst_1.10.1.100",
"service": "Kubernetes1",
"enabled": True,
"source": "Any",
"track": "log"
}

 

Trying to use track.type (as in https://community.checkpoint.com/t5/Policy-Management/change-to-Track-setting-in-policy/m-p/47958#M2...) results in 

{'code': 'generic_err_invalid_parameter_name', 'message': 'Unrecognized parameter [track.type]'}

 

Trying to configure track using additional fields:

{'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'}

or:

{'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "log" , {"accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'}

 

Thanks,

Vlad Tonne

1 Solution

Accepted Solutions
Amiad_Stern

@Vlad_Tonne , @Maik ,

Which version are we talking about?

Here are commands that worked for me on R80.30.

 

mgmt_cli:

mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" track.type "Log" track.accounting true

 

Web Services:

  {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": true,
"type": "Log"
},
"layer": "Network"
}

View solution in original post

8 Replies
Maarten_Sjouw
Champion
Champion
try to use "track.accounting true"
Regards, Maarten
0 Kudos
Maik
Advisor

As Maarten mentioned "track.accounting true" should work fine.

The documentation mentions that accounting only accepts boolean values; meaning true or false.

The "type" option can only be used with "Log", "Extended Log", "Detailed Log" or "None".

Unbenannt.PNG

Vlad_Tonne
Employee Alumnus
Employee Alumnus

Hi,

 

Usage of "track.accounting" results in error.

 

"track": "log",
"track.accounting": False

{'layer': 'Network', 'position': 'top', 'name': 'API 1', 'action': 'Accept', 'destination': 'hst_dst_1.10.1.100', 'service': 'Kubernetes1', 'enabled': True, 'source': 'Any', 'track': 'log', 'track.accounting': False}

{'code': 'generic_err_invalid_parameter_name', 'message': 'Unrecognized parameter [track.accounting]'} 

 

BR,

Vlad Tonne.

 

0 Kudos
Maik
Advisor

Works via management cli:

 

"add access-rule name 'Test' layer Network position bottom track.accounting true"

 

My guess is that you cant use both statements with one task:

"track": "log",
"track.accounting": False

 

Try to create the rule with track log first and afterwards use the set access rule command and enable account via "track.accounting": True.

Vlad_Tonne
Employee Alumnus
Employee Alumnus
Already tried that.
Still same issue when doing the setting via Web API.

BR,
Vlad
0 Kudos
Maik
Advisor

Maybe @Amiad_Stern can help.

0 Kudos
Amiad_Stern

@Vlad_Tonne , @Maik ,

Which version are we talking about?

Here are commands that worked for me on R80.30.

 

mgmt_cli:

mgmt_cli add access-rule layer "Network" position 1 name "Rule 1" track.type "Log" track.accounting true

 

Web Services:

  {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": true,
"type": "Log"
},
"layer": "Network"
}

Vlad_Tonne
Employee Alumnus
Employee Alumnus
Rule creation worked without accounting, upon setting:
payload_For_API = {
"name": "amiad rule1",
"position" : 1,
"track": {
"accounting": False,
"type": "Log"
},
"layer": "Network"
}

It might be worthwhile to add in API documentation "required" for "type" when additional flags like "accounting" are to be used.

Thanks,
Vlad

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events